package com.ying.user.config;

import com.ying.user.config.filter.JwtFilter;
import com.ying.user.service.impl.MmUserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Security 配置
 */
@Configuration
@EnableWebSecurity
@EnableConfigurationProperties(IgnoreConfig.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private IgnoreConfig ignoreConfig;

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Autowired
    private MmUserDetailsServiceImpl mmUserDetailsService;

    @Autowired
    private JwtFilter jwtFilter;

    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(mmUserDetailsService).passwordEncoder(encoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // @formatter:off
//        http.cors()
//                // 关闭 CSRF
//                .and().csrf().disable()
//                // 登录行为由自己实现，参考 AuthController#login
//                .formLogin().disable()
//                .httpBasic().disable()
//
//                // 认证请求
//                .authorizeRequests()
//                // 所有请求都需要登录访问
//                .anyRequest()
//                .authenticated()
//                // 动态 url 认证
//                .anyRequest()
//                .access("@authorityConfig.hasPermission(request, authentication)")
//
//                // 登出行为由自己实现，参考 AuthController#logout
//                .and().logout().disable()
//                // Session 管理
//                .sessionManagement()
//                // 因为使用了JWT，所以这里不管理Session
//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//
//                // 异常处理
//                .and().exceptionHandling().accessDeniedHandler(accessDeniedHandler);
        // @formatter:on

        // 添加自定义 JWT 过滤器
        http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * 放行所有不需要登录就可以访问的请求，参见 AuthController
     * 也可以在 {@link #configure(HttpSecurity)} 中配置
     * {@code http.authorizeRequests().antMatchers("/api/auth/**").permitAll()}
     */
    @Override
    public void configure(WebSecurity web) {
        WebSecurity and = web.ignoring().and();

        // 忽略 GET
        ignoreConfig.getGet().forEach(url -> and.ignoring().antMatchers(HttpMethod.GET, url));

        // 忽略 POST
        ignoreConfig.getPost().forEach(url -> and.ignoring().antMatchers(HttpMethod.POST, url));

        // 忽略 DELETE
        ignoreConfig.getDelete().forEach(url -> and.ignoring().antMatchers(HttpMethod.DELETE, url));

        // 忽略 PUT
        ignoreConfig.getPut().forEach(url -> and.ignoring().antMatchers(HttpMethod.PUT, url));

        // 忽略 HEAD
        ignoreConfig.getHead().forEach(url -> and.ignoring().antMatchers(HttpMethod.HEAD, url));

        // 忽略 PATCH
        ignoreConfig.getPatch().forEach(url -> and.ignoring().antMatchers(HttpMethod.PATCH, url));

        // 忽略 OPTIONS
        ignoreConfig.getOptions().forEach(url -> and.ignoring().antMatchers(HttpMethod.OPTIONS, url));

        // 忽略 TRACE
        ignoreConfig.getTrace().forEach(url -> and.ignoring().antMatchers(HttpMethod.TRACE, url));

        // 按照请求格式忽略
        ignoreConfig.getPattern().forEach(url -> and.ignoring().antMatchers(url));

    }
}
